In Other News: Ukraine Hacks Russia, CVE for Water ICS Attacks, New Intel Xeon CPUs 

December 15, 2023 at 09:54AM SecurityWeek’s weekly cybersecurity roundup offers a concise compilation of notable stories, covering topics like Chinese APT hacking, Ukraine’s server destruction, cryptocurrency theft, ransomware gang arrests, vulnerabilities, and software patches. It also highlights industry news such as Dragos CEO joining DataTribe and the launch of 5th Gen Intel Xeon processors with … Read more

Dell Urges Customers to Patch Vulnerabilities in PowerProtect Products

December 14, 2023 at 07:18AM Several serious vulnerabilities have been found in Dell’s PowerProtect products, impacting various appliances and potentially allowing attackers to execute malicious code, steal information, and gain control of systems. Dell is urging customers to review and implement security measures outlined in the DSA-2023-412 advisory and emphasizes the importance of product security … Read more

Chrome 120 Update Patches High-Severity Vulnerabilities

December 13, 2023 at 07:00AM Google announced the release of Chrome 120 security update addressing nine vulnerabilities, with six reported by external researchers. The most severe resolved vulnerability is a type confusion bug in the V8 JavaScript engine, with CVE-2023-6702. Google paid out bug bounties totaling $50,000 and has restricted access to vulnerability details. The … Read more

Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day

December 12, 2023 at 02:02PM Today’s December 2023 Patch Tuesday from Microsoft addresses 34 flaws, including an unpatched vulnerability in AMD CPUs. Notably, it resolves a public zero-day AMD bug and includes a total of 8 fixes for Microsoft Edge flaws. Additionally, updates from other vendors in December are detailed, along with a list of … Read more

Flaws in Delta OT Monitoring Product Can Allow Hackers to Hide Destructive Activities

December 11, 2023 at 07:48AM Critical vulnerabilities in Delta Electronics’ InfraSuite Device Master, a data center facility monitoring software, were disclosed by CISA and ZDI. The flaws, including remote code execution and obtaining plaintext credentials, can be exploited by attackers to hide destructive activities from employees and gain administrative privileges. These vulnerabilities have reportedly been … Read more

New 5Ghoul attack impacts 5G phones with Qualcomm, MediaTek chips

December 8, 2023 at 10:25AM A new set of 5G modem vulnerabilities, collectively known as “5Ghoul,” impact 710 5G smartphone models from Google partners and Apple, as well as routers and USB modems. Discovered by researchers, these vulnerabilities can lead to disruptions and network downgrades, posing a risk to security. Qualcomm and MediaTek have released … Read more

Trio of major holes in ownCloud expose admin passwords, allow unauthenticated file mods

November 27, 2023 at 01:34PM ownCloud has disclosed three critical vulnerabilities, including sensitive data exposure and authentication bypass flaws. The vulnerabilities affect containerized deployments, exposing admin passwords, mail server credentials, and license keys. Customers are advised to delete a specific file, change their secrets, and deny the use of pre-signed URLs. ownCloud is taking steps … Read more

Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass

November 27, 2023 at 11:36AM Open-source file-sharing software ownCloud has been found to have critical vulnerabilities that could expose sensitive information and allow authentication bypass. The most severe vulnerability affects the graphapi app and reveals important PHP environment details, including sensitive data like admin passwords and license keys. Another vulnerability allows unauthorized access, modification, and … Read more

Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches

November 24, 2023 at 11:30PM The open-source file-sharing software ownCloud has warned users about three critical security flaws that could expose sensitive information and allow for file modification. The vulnerabilities involve disclosure of credentials and configuration, authentication bypass, and subdomain validation bypass. The company recommends specific fixes for each flaw. Additionally, a critical remote code … Read more

Microsoft Offers Up to $20,000 for Vulnerabilities in Defender Products

November 22, 2023 at 09:06AM Microsoft has launched a new bug bounty program called the Microsoft Defender Bounty Program. The program invites researchers to find vulnerabilities in Defender products and services and earn rewards ranging from $500 to $20,000. The highest rewards are given for critical-severity remote code execution bugs. Researchers must report flaws within … Read more